diff options
Diffstat (limited to 'app/models/clusters')
| -rw-r--r-- | app/models/clusters/applications/cilium.rb | 21 | ||||
| -rw-r--r-- | app/models/clusters/applications/prometheus.rb | 3 | ||||
| -rw-r--r-- | app/models/clusters/applications/runner.rb | 2 | ||||
| -rw-r--r-- | app/models/clusters/cluster.rb | 71 | ||||
| -rw-r--r-- | app/models/clusters/platforms/kubernetes.rb | 11 |
5 files changed, 55 insertions, 53 deletions
diff --git a/app/models/clusters/applications/cilium.rb b/app/models/clusters/applications/cilium.rb new file mode 100644 index 00000000000..7936b0b18de --- /dev/null +++ b/app/models/clusters/applications/cilium.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +module Clusters + module Applications + class Cilium < ApplicationRecord + self.table_name = 'clusters_applications_cilium' + + include ::Clusters::Concerns::ApplicationCore + include ::Clusters::Concerns::ApplicationStatus + + # Cilium can only be installed and uninstalled through the + # cluster-applications project by triggering CI pipeline for a + # management project. UI operations are not available for such + # applications. More information: + # https://docs.gitlab.com/ee/user/clusters/management_project.html + def allowed_to_uninstall? + false + end + end + end +end diff --git a/app/models/clusters/applications/prometheus.rb b/app/models/clusters/applications/prometheus.rb index 24bb1df6d22..101d782db3a 100644 --- a/app/models/clusters/applications/prometheus.rb +++ b/app/models/clusters/applications/prometheus.rb @@ -17,6 +17,9 @@ module Clusters default_value_for :version, VERSION + scope :preload_cluster_platform, -> { preload(cluster: [:platform_kubernetes]) } + scope :with_clusters_with_cilium, -> { joins(:cluster).merge(Clusters::Cluster.with_available_cilium) } + attr_encrypted :alert_manager_token, mode: :per_attribute_iv, key: Settings.attr_encrypted_db_key_base_truncated, diff --git a/app/models/clusters/applications/runner.rb b/app/models/clusters/applications/runner.rb index 6d3b6c4ed8f..9ec7c194a26 100644 --- a/app/models/clusters/applications/runner.rb +++ b/app/models/clusters/applications/runner.rb @@ -3,7 +3,7 @@ module Clusters module Applications class Runner < ApplicationRecord - VERSION = '0.17.1' + VERSION = '0.18.1' self.table_name = 'clusters_applications_runners' diff --git a/app/models/clusters/cluster.rb b/app/models/clusters/cluster.rb index bde7a2104ba..7641b6d2a4b 100644 --- a/app/models/clusters/cluster.rb +++ b/app/models/clusters/cluster.rb @@ -2,6 +2,7 @@ module Clusters class Cluster < ApplicationRecord + prepend HasEnvironmentScope include Presentable include Gitlab::Utils::StrongMemoize include FromUnion @@ -20,7 +21,8 @@ module Clusters Clusters::Applications::Jupyter.application_name => Clusters::Applications::Jupyter, Clusters::Applications::Knative.application_name => Clusters::Applications::Knative, Clusters::Applications::ElasticStack.application_name => Clusters::Applications::ElasticStack, - Clusters::Applications::Fluentd.application_name => Clusters::Applications::Fluentd + Clusters::Applications::Fluentd.application_name => Clusters::Applications::Fluentd, + Clusters::Applications::Cilium.application_name => Clusters::Applications::Cilium }.freeze DEFAULT_ENVIRONMENT = '*' KUBE_INGRESS_BASE_DOMAIN = 'KUBE_INGRESS_BASE_DOMAIN' @@ -64,6 +66,7 @@ module Clusters has_one_cluster_application :knative has_one_cluster_application :elastic_stack has_one_cluster_application :fluentd + has_one_cluster_application :cilium has_many :kubernetes_namespaces has_many :metrics_dashboard_annotations, class_name: 'Metrics::Dashboard::Annotation', inverse_of: :cluster @@ -81,6 +84,7 @@ module Clusters validate :no_groups, unless: :group_type? validate :no_projects, unless: :project_type? validate :unique_management_project_environment_scope + validate :unique_environment_scope after_save :clear_reactive_cache! @@ -129,6 +133,7 @@ module Clusters scope :with_enabled_modsecurity, -> { joins(:application_ingress).merge(::Clusters::Applications::Ingress.modsecurity_enabled) } scope :with_available_elasticstack, -> { joins(:application_elastic_stack).merge(::Clusters::Applications::ElasticStack.available) } + scope :with_available_cilium, -> { joins(:application_cilium).merge(::Clusters::Applications::Cilium.available) } scope :distinct_with_deployed_environments, -> { joins(:environments).merge(::Deployment.success).distinct } scope :preload_elasticstack, -> { preload(:application_elastic_stack) } scope :preload_environments, -> { preload(:environments) } @@ -228,7 +233,9 @@ module Clusters def calculate_reactive_cache return unless enabled? - { connection_status: retrieve_connection_status, nodes: retrieve_nodes } + gitlab_kubernetes_nodes = Gitlab::Kubernetes::Node.new(self) + + { connection_status: retrieve_connection_status, nodes: gitlab_kubernetes_nodes.all.presence } end def persisted_applications @@ -335,7 +342,11 @@ module Clusters end def local_tiller_enabled? - Feature.enabled?(:managed_apps_local_tiller, clusterable, default_enabled: false) + Feature.enabled?(:managed_apps_local_tiller, clusterable, default_enabled: true) + end + + def prometheus_adapter + application_prometheus end private @@ -352,6 +363,12 @@ module Clusters end end + def unique_environment_scope + if clusterable.present? && clusterable.clusters.where(environment_scope: environment_scope).where.not(id: id).exists? + errors.add(:environment_scope, 'cannot add duplicated environment scope') + end + end + def managed_namespace(environment) Clusters::KubernetesNamespaceFinder.new( self, @@ -383,54 +400,6 @@ module Clusters result[:status] end - def retrieve_nodes - result = ::Gitlab::Kubernetes::KubeClient.graceful_request(id) { kubeclient.get_nodes } - - return unless result[:response] - - cluster_nodes = result[:response] - - result = ::Gitlab::Kubernetes::KubeClient.graceful_request(id) { kubeclient.metrics_client.get_nodes } - nodes_metrics = result[:response].to_a - - cluster_nodes.inject([]) do |memo, node| - sliced_node = filter_relevant_node_attributes(node) - - matched_node_metric = nodes_metrics.find { |node_metric| node_metric.metadata.name == node.metadata.name } - - sliced_node_metrics = matched_node_metric ? filter_relevant_node_metrics_attributes(matched_node_metric) : {} - - memo << sliced_node.merge(sliced_node_metrics) - end - end - - def filter_relevant_node_attributes(node) - { - 'metadata' => { - 'name' => node.metadata.name - }, - 'status' => { - 'capacity' => { - 'cpu' => node.status.capacity.cpu, - 'memory' => node.status.capacity.memory - }, - 'allocatable' => { - 'cpu' => node.status.allocatable.cpu, - 'memory' => node.status.allocatable.memory - } - } - } - end - - def filter_relevant_node_metrics_attributes(node_metrics) - { - 'usage' => { - 'cpu' => node_metrics.usage.cpu, - 'memory' => node_metrics.usage.memory - } - } - end - # To keep backward compatibility with AUTO_DEVOPS_DOMAIN # environment variable, we need to ensure KUBE_INGRESS_BASE_DOMAIN # is set if AUTO_DEVOPS_DOMAIN is set on any of the following options: diff --git a/app/models/clusters/platforms/kubernetes.rb b/app/models/clusters/platforms/kubernetes.rb index 444368d0ef3..7af78960e35 100644 --- a/app/models/clusters/platforms/kubernetes.rb +++ b/app/models/clusters/platforms/kubernetes.rb @@ -159,7 +159,16 @@ module Clusters if ca_pem.present? opts[:cert_store] = OpenSSL::X509::Store.new - opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem)) + + file = Tempfile.new('cluster_ca_pem_temp') + begin + file.write(ca_pem) + file.rewind + opts[:cert_store].add_file(file.path) + ensure + file.close + file.unlink # deletes the temp file + end end opts |