
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2022-11-17 14:33:21 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2022-11-17 14:33:21 +0300
commit7021455bd1ed7b125c55eb1b33c5a01f2bc55ee0 (patch)
tree5bdc2229f5198d516781f8d24eace62fc7e589e9 /app/services/clusters
parent185b095e93520f96e9cfc31d9c3e69b498cdab7c (diff)
Add latest changes from gitlab-org/gitlab@15-6-stable-eev15.6.0-rc42
Diffstat (limited to 'app/services/clusters')
-rw-r--r--app/services/clusters/applications/check_ingress_ip_address_service.rb46
-rw-r--r--app/services/clusters/applications/check_installation_progress_service.rb42
-rw-r--r--app/services/clusters/applications/check_uninstall_progress_service.rb42
-rw-r--r--app/services/clusters/applications/check_upgrade_progress_service.rb71
-rw-r--r--app/services/clusters/applications/create_service.rb18
-rw-r--r--app/services/clusters/applications/patch_service.rb32
-rw-r--r--app/services/clusters/applications/prometheus_update_service.rb38
-rw-r--r--app/services/clusters/applications/update_service.rb17
-rw-r--r--app/services/clusters/kubernetes/configure_istio_ingress_service.rb112
9 files changed, 0 insertions, 418 deletions
diff --git a/app/services/clusters/applications/check_ingress_ip_address_service.rb b/app/services/clusters/applications/check_ingress_ip_address_service.rb
deleted file mode 100644
index e254a0358a0..00000000000
--- a/app/services/clusters/applications/check_ingress_ip_address_service.rb
+++ /dev/null
@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- class CheckIngressIpAddressService < BaseHelmService
- include Gitlab::Utils::StrongMemoize
-
- Error = Class.new(StandardError)
-
- LEASE_TIMEOUT = 15.seconds.to_i
-
- def execute
- return if app.external_ip
- return if app.external_hostname
- return unless try_obtain_lease
-
- app.external_ip = ingress_ip if ingress_ip
- app.external_hostname = ingress_hostname if ingress_hostname
-
- app.save! if app.changed?
- end
-
- private
-
- def try_obtain_lease
- Gitlab::ExclusiveLease
- .new("check_ingress_ip_address_service:#{app.id}", timeout: LEASE_TIMEOUT)
- .try_obtain
- end
-
- def ingress_ip
- ingress_service&.ip
- end
-
- def ingress_hostname
- ingress_service&.hostname
- end
-
- def ingress_service
- strong_memoize(:ingress_service) do
- app.ingress_service.status.loadBalancer.ingress&.first
- end
- end
- end
- end
-end
diff --git a/app/services/clusters/applications/check_installation_progress_service.rb b/app/services/clusters/applications/check_installation_progress_service.rb
deleted file mode 100644
index 10a12f30956..00000000000
--- a/app/services/clusters/applications/check_installation_progress_service.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- class CheckInstallationProgressService < CheckProgressService
- private
-
- def operation_in_progress?
- app.installing? || app.updating?
- end
-
- def on_success
- app.make_installed!
-
- Gitlab::Tracking.event('cluster:applications', "cluster_application_#{app.name}_installed")
- ensure
- remove_installation_pod
- end
-
- def check_timeout
- if timed_out?
- app.make_errored!("Operation timed out. Check pod logs for #{pod_name} for more details.")
- else
- ClusterWaitForAppInstallationWorker.perform_in(
- ClusterWaitForAppInstallationWorker::INTERVAL, app.name, app.id)
- end
- end
-
- def pod_name
- install_command.pod_name
- end
-
- def timed_out?
- Time.current.utc - app.updated_at.utc > ClusterWaitForAppInstallationWorker::TIMEOUT
- end
-
- def remove_installation_pod
- helm_api.delete_pod!(pod_name)
- end
- end
- end
-end
diff --git a/app/services/clusters/applications/check_uninstall_progress_service.rb b/app/services/clusters/applications/check_uninstall_progress_service.rb
deleted file mode 100644
index cd213c3ebbf..00000000000
--- a/app/services/clusters/applications/check_uninstall_progress_service.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- class CheckUninstallProgressService < CheckProgressService
- private
-
- def operation_in_progress?
- app.uninstalling?
- end
-
- def on_success
- app.post_uninstall
- app.destroy!
- rescue StandardError => e
- app.make_errored!(_('Application uninstalled but failed to destroy: %{error_message}') % { error_message: e.message })
- ensure
- remove_uninstallation_pod
- end
-
- def check_timeout
- if timed_out?
- app.make_errored!(_('Operation timed out. Check pod logs for %{pod_name} for more details.') % { pod_name: pod_name })
- else
- WaitForUninstallAppWorker.perform_in(WaitForUninstallAppWorker::INTERVAL, app.name, app.id)
- end
- end
-
- def pod_name
- app.uninstall_command.pod_name
- end
-
- def timed_out?
- Time.current.utc - app.updated_at.utc > WaitForUninstallAppWorker::TIMEOUT
- end
-
- def remove_uninstallation_pod
- helm_api.delete_pod!(pod_name)
- end
- end
- end
-end
diff --git a/app/services/clusters/applications/check_upgrade_progress_service.rb b/app/services/clusters/applications/check_upgrade_progress_service.rb
deleted file mode 100644
index c4fd234b302..00000000000
--- a/app/services/clusters/applications/check_upgrade_progress_service.rb
+++ /dev/null
@@ -1,71 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- class CheckUpgradeProgressService < BaseHelmService
- def execute
- return unless app.updating?
-
- case phase
- when ::Gitlab::Kubernetes::Pod::SUCCEEDED
- on_success
- when ::Gitlab::Kubernetes::Pod::FAILED
- on_failed
- else
- check_timeout
- end
- rescue ::Kubeclient::HttpError => e
- app.make_update_errored!("Kubernetes error: #{e.message}") unless app.update_errored?
- end
-
- private
-
- def on_success
- app.make_installed!
- ensure
- remove_pod
- end
-
- def on_failed
- app.make_update_errored!(errors || 'Update silently failed')
- ensure
- remove_pod
- end
-
- def check_timeout
- if timed_out?
- begin
- app.make_update_errored!('Update timed out')
- ensure
- remove_pod
- end
- else
- ::ClusterWaitForAppUpdateWorker.perform_in(
- ::ClusterWaitForAppUpdateWorker::INTERVAL, app.name, app.id)
- end
- end
-
- def timed_out?
- Time.current.utc - app.updated_at.to_time.utc > ::ClusterWaitForAppUpdateWorker::TIMEOUT
- end
-
- def remove_pod
- helm_api.delete_pod!(pod_name)
- rescue StandardError
- # no-op
- end
-
- def phase
- helm_api.status(pod_name)
- end
-
- def errors
- helm_api.log(pod_name)
- end
-
- def pod_name
- @pod_name ||= patch_command.pod_name
- end
- end
- end
-end
diff --git a/app/services/clusters/applications/create_service.rb b/app/services/clusters/applications/create_service.rb
deleted file mode 100644
index 2a626a402e4..00000000000
--- a/app/services/clusters/applications/create_service.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- class CreateService < Clusters::Applications::BaseService
- private
-
- def worker_class(application)
- application.updateable? ? ClusterUpgradeAppWorker : ClusterInstallAppWorker
- end
-
- def builder
- cluster.public_send(application_class.association_name) || # rubocop:disable GitlabSecurity/PublicSend
- cluster.public_send(:"build_application_#{application_name}") # rubocop:disable GitlabSecurity/PublicSend
- end
- end
- end
-end
diff --git a/app/services/clusters/applications/patch_service.rb b/app/services/clusters/applications/patch_service.rb
deleted file mode 100644
index fbea18bae6b..00000000000
--- a/app/services/clusters/applications/patch_service.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- class PatchService < BaseHelmService
- def execute
- return unless app.scheduled?
-
- app.make_updating!
-
- patch
- end
-
- private
-
- def patch
- log_event(:begin_patch)
- helm_api.update(update_command)
-
- log_event(:schedule_wait_for_patch)
- ClusterWaitForAppInstallationWorker.perform_in(
- ClusterWaitForAppInstallationWorker::INTERVAL, app.name, app.id)
- rescue Kubeclient::HttpError => e
- log_error(e)
- app.make_errored!(_('Kubernetes error: %{error_code}') % { error_code: e.error_code })
- rescue StandardError => e
- log_error(e)
- app.make_errored!(_('Failed to update.'))
- end
- end
- end
-end
diff --git a/app/services/clusters/applications/prometheus_update_service.rb b/app/services/clusters/applications/prometheus_update_service.rb
deleted file mode 100644
index b8b50f06d72..00000000000
--- a/app/services/clusters/applications/prometheus_update_service.rb
+++ /dev/null
@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- # Deprecated, to be removed in %14.0 as part of https://gitlab.com/groups/gitlab-org/-/epics/4280
- class PrometheusUpdateService < BaseHelmService
- attr_accessor :project
-
- def initialize(app, project)
- super(app)
- @project = project
- end
-
- def execute
- raise NotImplementedError, 'Externally installed prometheus should not be modified!' unless app.managed_prometheus?
-
- app.make_updating!
-
- helm_api.update(patch_command(values))
-
- ::ClusterWaitForAppUpdateWorker.perform_in(::ClusterWaitForAppUpdateWorker::INTERVAL, app.name, app.id)
- rescue ::Kubeclient::HttpError => ke
- app.make_update_errored!("Kubernetes error: #{ke.message}")
- rescue StandardError => e
- app.make_update_errored!(e.message)
- end
-
- private
-
- def values
- PrometheusConfigService
- .new(project, cluster, app)
- .execute
- .to_yaml
- end
- end
- end
-end
diff --git a/app/services/clusters/applications/update_service.rb b/app/services/clusters/applications/update_service.rb
deleted file mode 100644
index 7a36401f156..00000000000
--- a/app/services/clusters/applications/update_service.rb
+++ /dev/null
@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- class UpdateService < Clusters::Applications::BaseService
- private
-
- def worker_class(application)
- ClusterPatchAppWorker
- end
-
- def builder
- cluster.public_send(application_class.association_name) # rubocop:disable GitlabSecurity/PublicSend
- end
- end
- end
-end
diff --git a/app/services/clusters/kubernetes/configure_istio_ingress_service.rb b/app/services/clusters/kubernetes/configure_istio_ingress_service.rb
deleted file mode 100644
index 3b7e094bc97..00000000000
--- a/app/services/clusters/kubernetes/configure_istio_ingress_service.rb
+++ /dev/null
@@ -1,112 +0,0 @@
-# frozen_string_literal: true
-
-require 'openssl'
-
-module Clusters
- module Kubernetes
- class ConfigureIstioIngressService
- PASSTHROUGH_RESOURCE = Kubeclient::Resource.new(
- mode: 'PASSTHROUGH'
- ).freeze
-
- MTLS_RESOURCE = Kubeclient::Resource.new(
- mode: 'MUTUAL',
- privateKey: '/etc/istio/ingressgateway-certs/tls.key',
- serverCertificate: '/etc/istio/ingressgateway-certs/tls.crt',
- caCertificates: '/etc/istio/ingressgateway-ca-certs/cert.pem'
- ).freeze
-
- def initialize(cluster:)
- @cluster = cluster
- @platform = cluster.platform
- @kubeclient = platform.kubeclient
- @knative = cluster.application_knative
- end
-
- def execute
- return configure_certificates if serverless_domain_cluster
-
- configure_passthrough
- rescue Kubeclient::HttpError => e
- knative.make_errored!(_('Kubernetes error: %{error_code}') % { error_code: e.error_code })
- rescue StandardError
- knative.make_errored!(_('Failed to update.'))
- end
-
- private
-
- attr_reader :cluster, :platform, :kubeclient, :knative
-
- def serverless_domain_cluster
- knative&.serverless_domain_cluster
- end
-
- def configure_certificates
- create_or_update_istio_cert_and_key
- set_gateway_wildcard_https(MTLS_RESOURCE)
- end
-
- def create_or_update_istio_cert_and_key
- name = OpenSSL::X509::Name.parse("CN=#{knative.hostname}")
-
- key = OpenSSL::PKey::RSA.new(2048)
-
- cert = OpenSSL::X509::Certificate.new
- cert.version = 2
- cert.serial = 0
- cert.not_before = Time.current
- cert.not_after = Time.current + 1000.years
-
- cert.public_key = key.public_key
- cert.subject = name
- cert.issuer = name
- cert.sign(key, OpenSSL::Digest.new('SHA256'))
-
- serverless_domain_cluster.update!(
- key: key.to_pem,
- certificate: cert.to_pem
- )
-
- kubeclient.create_or_update_secret(istio_ca_certs_resource)
- kubeclient.create_or_update_secret(istio_certs_resource)
- end
-
- def istio_ca_certs_resource
- Gitlab::Kubernetes::GenericSecret.new(
- 'istio-ingressgateway-ca-certs',
- {
- 'cert.pem': Base64.strict_encode64(serverless_domain_cluster.certificate)
- },
- Clusters::Kubernetes::ISTIO_SYSTEM_NAMESPACE
- ).generate
- end
-
- def istio_certs_resource
- Gitlab::Kubernetes::TlsSecret.new(
- 'istio-ingressgateway-certs',
- serverless_domain_cluster.certificate,
- serverless_domain_cluster.key,
- Clusters::Kubernetes::ISTIO_SYSTEM_NAMESPACE
- ).generate
- end
-
- def set_gateway_wildcard_https(tls_resource)
- gateway_resource = gateway
- gateway_resource.spec.servers.each do |server|
- next unless server.hosts == ['*'] && server.port.name == 'https'
-
- server.tls = tls_resource
- end
- kubeclient.update_gateway(gateway_resource)
- end
-
- def configure_passthrough
- set_gateway_wildcard_https(PASSTHROUGH_RESOURCE)
- end
-
- def gateway
- kubeclient.get_gateway('knative-ingress-gateway', Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE)
- end
- end
- end
-end