Get mutual SSL working with helm tiller

author: Dylan Griffith <dyl.griffith@gmail.com> 2018-07-24 14:02:35 +0300
committer: Dylan Griffith <dyl.griffith@gmail.com> 2018-07-30 16:08:30 +0300
commit: 11edbcccef37f08b089386c41d3914df7f48a677 (patch)
tree: 3017e5e2904d11023075c5e84ddba5320e2b623f /spec/lib
parent: ce897f11a0650b0d6938cb506a030ef00160ab7a (diff)
3 files changed, 36 insertions, 32 deletions
diff --git a/spec/lib/gitlab/kubernetes/helm/init_command_spec.rb b/spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
index 7550e23259b..dcbc046cf00 100644
--- a/spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/init_command_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'
 
 describe Gitlab::Kubernetes::Helm::InitCommand do
   let(:application) { create(:clusters_applications_helm) }
-  let(:commands) { 'helm init >/dev/null' }
+  let(:commands) { 'helm init --tiller-tls --tiller-tls-verify --tls-ca-cert /data/helm/helm/config/ca.pem --tiller-tls-cert /data/helm/helm/config/cert.pem --tiller-tls-key /data/helm/helm/config/key.pem >/dev/null' }
 
   subject { described_class.new(name: application.name, files: {}) }
 
diff --git a/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb b/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
index 1e8407c8dc3..51221e54d89 100644
--- a/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
@@ -1,62 +1,67 @@
 require 'rails_helper'
 
 describe Gitlab::Kubernetes::Helm::InstallCommand do
-  let(:application) { create(:clusters_applications_prometheus) }
-  let(:namespace) { Gitlab::Kubernetes::Helm::NAMESPACE }
-  let(:install_command) { application.install_command }
+  let(:files) { { 'ca.pem': 'some file content' } }
+  let(:repository) { 'https://repository.example.com' }
+  let(:version) { '1.2.3' }
 
-  subject { install_command }
+  let(:install_command) do
+    described_class.new(
+      name: 'app-name',
+      chart: 'chart-name',
+      files: files,
+      version: version, repository: repository
+    )
+  end
 
-  context 'for ingress' do
-    let(:application) { create(:clusters_applications_ingress) }
+  subject { install_command }
 
-    it_behaves_like 'helm commands' do
-      let(:commands) do
-        <<~EOS
-         helm init --client-only >/dev/null
-         helm install #{application.chart} --name #{application.name} --namespace #{namespace} -f /data/helm/#{application.name}/config/values.yaml >/dev/null
-        EOS
-      end
+  it_behaves_like 'helm commands' do
+    let(:commands) do
+      <<~EOS
+      helm init --client-only >/dev/null
+      helm repo add app-name https://repository.example.com
+      helm install --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem chart-name --name app-name --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml >/dev/null
+      EOS
     end
   end
 
-  context 'for prometheus' do
-    let(:application) { create(:clusters_applications_prometheus) }
+  context 'when there is no repository' do
+    let(:repository) { nil }
 
     it_behaves_like 'helm commands' do
       let(:commands) do
         <<~EOS
          helm init --client-only >/dev/null
-         helm install #{application.chart} --name #{application.name} --version #{application.version} --namespace #{namespace} -f /data/helm/#{application.name}/config/values.yaml >/dev/null
+         helm install --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem chart-name --name app-name --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml >/dev/null
         EOS
       end
     end
   end
 
-  context 'for runner' do
-    let(:ci_runner) { create(:ci_runner) }
-    let(:application) { create(:clusters_applications_runner, runner: ci_runner) }
+  context 'when there is no ca.pem file' do
+    let(:files) { { 'file.txt': 'some content' } }
 
     it_behaves_like 'helm commands' do
       let(:commands) do
         <<~EOS
          helm init --client-only >/dev/null
-         helm repo add #{application.name} #{application.repository}
-         helm install #{application.chart} --name #{application.name} --namespace #{namespace} -f /data/helm/#{application.name}/config/values.yaml >/dev/null
+         helm repo add app-name https://repository.example.com
+         helm install chart-name --name app-name --version 1.2.3 --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml >/dev/null
         EOS
       end
     end
   end
 
-  context 'for jupyter' do
-    let(:application) { create(:clusters_applications_jupyter) }
+  context 'when there is no version' do
+    let(:version) { nil }
 
     it_behaves_like 'helm commands' do
       let(:commands) do
         <<~EOS
          helm init --client-only >/dev/null
-         helm repo add #{application.name} #{application.repository}
-         helm install #{application.chart} --name #{application.name} --namespace #{namespace} -f /data/helm/#{application.name}/config/values.yaml >/dev/null
+         helm repo add app-name https://repository.example.com
+         helm install --tls --tls-ca-cert /data/helm/app-name/config/ca.pem --tls-cert /data/helm/app-name/config/cert.pem --tls-key /data/helm/app-name/config/key.pem chart-name --name app-name --namespace gitlab-managed-apps -f /data/helm/app-name/config/values.yaml >/dev/null
         EOS
       end
     end
@@ -65,13 +70,13 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
   describe '#config_map_resource' do
     let(:metadata) do
       {
-        name: "values-content-configuration-#{application.name}",
-        namespace: namespace,
-        labels: { name: "values-content-configuration-#{application.name}" }
+        name: "values-content-configuration-app-name",
+        namespace: 'gitlab-managed-apps',
+        labels: { name: "values-content-configuration-app-name" }
       }
     end
 
-    let(:resource) { ::Kubeclient::Resource.new(metadata: metadata, data: application.files) }
+    let(:resource) { ::Kubeclient::Resource.new(metadata: metadata, data: files) }
 
     subject { install_command.config_map_resource }
 
diff --git a/spec/lib/gitlab/kubernetes/helm/pod_spec.rb b/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
index c25978e96da..ec64193c0b2 100644
--- a/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/pod_spec.rb
@@ -2,8 +2,7 @@ require 'rails_helper'
 
 describe Gitlab::Kubernetes::Helm::Pod do
   describe '#generate' do
-    let(:cluster) { create(:cluster) }
-    let(:app) {  create(:clusters_applications_prometheus, cluster: cluster) }
+    let(:app) {  create(:clusters_applications_prometheus) }
     let(:command) {  app.install_command }
     let(:namespace) { Gitlab::Kubernetes::Helm::NAMESPACE }
author	Dylan Griffith <dyl.griffith@gmail.com>	2018-07-24 14:02:35 +0300
committer	Dylan Griffith <dyl.griffith@gmail.com>	2018-07-30 16:08:30 +0300
commit	11edbcccef37f08b089386c41d3914df7f48a677 (patch)
tree	3017e5e2904d11023075c5e84ddba5320e2b623f /spec/lib
parent	ce897f11a0650b0d6938cb506a030ef00160ab7a (diff)