From 7021455bd1ed7b125c55eb1b33c5a01f2bc55ee0 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Thu, 17 Nov 2022 11:33:21 +0000
Subject: Add latest changes from gitlab-org/gitlab@15-6-stable-ee
---
.../check_ingress_ip_address_service.rb | 46 ---------
.../check_installation_progress_service.rb | 42 --------
.../check_uninstall_progress_service.rb | 42 --------
.../applications/check_upgrade_progress_service.rb | 71 -------------
.../clusters/applications/create_service.rb | 18 ----
.../clusters/applications/patch_service.rb | 32 ------
.../applications/prometheus_update_service.rb | 38 -------
.../clusters/applications/update_service.rb | 17 ----
.../kubernetes/configure_istio_ingress_service.rb | 112 ---------------------
9 files changed, 418 deletions(-)
delete mode 100644 app/services/clusters/applications/check_ingress_ip_address_service.rb
delete mode 100644 app/services/clusters/applications/check_installation_progress_service.rb
delete mode 100644 app/services/clusters/applications/check_uninstall_progress_service.rb
delete mode 100644 app/services/clusters/applications/check_upgrade_progress_service.rb
delete mode 100644 app/services/clusters/applications/create_service.rb
delete mode 100644 app/services/clusters/applications/patch_service.rb
delete mode 100644 app/services/clusters/applications/prometheus_update_service.rb
delete mode 100644 app/services/clusters/applications/update_service.rb
delete mode 100644 app/services/clusters/kubernetes/configure_istio_ingress_service.rb
(limited to 'app/services/clusters')
diff --git a/app/services/clusters/applications/check_ingress_ip_address_service.rb b/app/services/clusters/applications/check_ingress_ip_address_service.rb
deleted file mode 100644
index e254a0358a0..00000000000
--- a/app/services/clusters/applications/check_ingress_ip_address_service.rb
+++ /dev/null
@@ -1,46 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- class CheckIngressIpAddressService < BaseHelmService
- include Gitlab::Utils::StrongMemoize
-
- Error = Class.new(StandardError)
-
- LEASE_TIMEOUT = 15.seconds.to_i
-
- def execute
- return if app.external_ip
- return if app.external_hostname
- return unless try_obtain_lease
-
- app.external_ip = ingress_ip if ingress_ip
- app.external_hostname = ingress_hostname if ingress_hostname
-
- app.save! if app.changed?
- end
-
- private
-
- def try_obtain_lease
- Gitlab::ExclusiveLease
- .new("check_ingress_ip_address_service:#{app.id}", timeout: LEASE_TIMEOUT)
- .try_obtain
- end
-
- def ingress_ip
- ingress_service&.ip
- end
-
- def ingress_hostname
- ingress_service&.hostname
- end
-
- def ingress_service
- strong_memoize(:ingress_service) do
- app.ingress_service.status.loadBalancer.ingress&.first
- end
- end
- end
- end
-end
diff --git a/app/services/clusters/applications/check_installation_progress_service.rb b/app/services/clusters/applications/check_installation_progress_service.rb
deleted file mode 100644
index 10a12f30956..00000000000
--- a/app/services/clusters/applications/check_installation_progress_service.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- class CheckInstallationProgressService < CheckProgressService
- private
-
- def operation_in_progress?
- app.installing? || app.updating?
- end
-
- def on_success
- app.make_installed!
-
- Gitlab::Tracking.event('cluster:applications', "cluster_application_#{app.name}_installed")
- ensure
- remove_installation_pod
- end
-
- def check_timeout
- if timed_out?
- app.make_errored!("Operation timed out. Check pod logs for #{pod_name} for more details.")
- else
- ClusterWaitForAppInstallationWorker.perform_in(
- ClusterWaitForAppInstallationWorker::INTERVAL, app.name, app.id)
- end
- end
-
- def pod_name
- install_command.pod_name
- end
-
- def timed_out?
- Time.current.utc - app.updated_at.utc > ClusterWaitForAppInstallationWorker::TIMEOUT
- end
-
- def remove_installation_pod
- helm_api.delete_pod!(pod_name)
- end
- end
- end
-end
diff --git a/app/services/clusters/applications/check_uninstall_progress_service.rb b/app/services/clusters/applications/check_uninstall_progress_service.rb
deleted file mode 100644
index cd213c3ebbf..00000000000
--- a/app/services/clusters/applications/check_uninstall_progress_service.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- class CheckUninstallProgressService < CheckProgressService
- private
-
- def operation_in_progress?
- app.uninstalling?
- end
-
- def on_success
- app.post_uninstall
- app.destroy!
- rescue StandardError => e
- app.make_errored!(_('Application uninstalled but failed to destroy: %{error_message}') % { error_message: e.message })
- ensure
- remove_uninstallation_pod
- end
-
- def check_timeout
- if timed_out?
- app.make_errored!(_('Operation timed out. Check pod logs for %{pod_name} for more details.') % { pod_name: pod_name })
- else
- WaitForUninstallAppWorker.perform_in(WaitForUninstallAppWorker::INTERVAL, app.name, app.id)
- end
- end
-
- def pod_name
- app.uninstall_command.pod_name
- end
-
- def timed_out?
- Time.current.utc - app.updated_at.utc > WaitForUninstallAppWorker::TIMEOUT
- end
-
- def remove_uninstallation_pod
- helm_api.delete_pod!(pod_name)
- end
- end
- end
-end
diff --git a/app/services/clusters/applications/check_upgrade_progress_service.rb b/app/services/clusters/applications/check_upgrade_progress_service.rb
deleted file mode 100644
index c4fd234b302..00000000000
--- a/app/services/clusters/applications/check_upgrade_progress_service.rb
+++ /dev/null
@@ -1,71 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- class CheckUpgradeProgressService < BaseHelmService
- def execute
- return unless app.updating?
-
- case phase
- when ::Gitlab::Kubernetes::Pod::SUCCEEDED
- on_success
- when ::Gitlab::Kubernetes::Pod::FAILED
- on_failed
- else
- check_timeout
- end
- rescue ::Kubeclient::HttpError => e
- app.make_update_errored!("Kubernetes error: #{e.message}") unless app.update_errored?
- end
-
- private
-
- def on_success
- app.make_installed!
- ensure
- remove_pod
- end
-
- def on_failed
- app.make_update_errored!(errors || 'Update silently failed')
- ensure
- remove_pod
- end
-
- def check_timeout
- if timed_out?
- begin
- app.make_update_errored!('Update timed out')
- ensure
- remove_pod
- end
- else
- ::ClusterWaitForAppUpdateWorker.perform_in(
- ::ClusterWaitForAppUpdateWorker::INTERVAL, app.name, app.id)
- end
- end
-
- def timed_out?
- Time.current.utc - app.updated_at.to_time.utc > ::ClusterWaitForAppUpdateWorker::TIMEOUT
- end
-
- def remove_pod
- helm_api.delete_pod!(pod_name)
- rescue StandardError
- # no-op
- end
-
- def phase
- helm_api.status(pod_name)
- end
-
- def errors
- helm_api.log(pod_name)
- end
-
- def pod_name
- @pod_name ||= patch_command.pod_name
- end
- end
- end
-end
diff --git a/app/services/clusters/applications/create_service.rb b/app/services/clusters/applications/create_service.rb
deleted file mode 100644
index 2a626a402e4..00000000000
--- a/app/services/clusters/applications/create_service.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- class CreateService < Clusters::Applications::BaseService
- private
-
- def worker_class(application)
- application.updateable? ? ClusterUpgradeAppWorker : ClusterInstallAppWorker
- end
-
- def builder
- cluster.public_send(application_class.association_name) || # rubocop:disable GitlabSecurity/PublicSend
- cluster.public_send(:"build_application_#{application_name}") # rubocop:disable GitlabSecurity/PublicSend
- end
- end
- end
-end
diff --git a/app/services/clusters/applications/patch_service.rb b/app/services/clusters/applications/patch_service.rb
deleted file mode 100644
index fbea18bae6b..00000000000
--- a/app/services/clusters/applications/patch_service.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- class PatchService < BaseHelmService
- def execute
- return unless app.scheduled?
-
- app.make_updating!
-
- patch
- end
-
- private
-
- def patch
- log_event(:begin_patch)
- helm_api.update(update_command)
-
- log_event(:schedule_wait_for_patch)
- ClusterWaitForAppInstallationWorker.perform_in(
- ClusterWaitForAppInstallationWorker::INTERVAL, app.name, app.id)
- rescue Kubeclient::HttpError => e
- log_error(e)
- app.make_errored!(_('Kubernetes error: %{error_code}') % { error_code: e.error_code })
- rescue StandardError => e
- log_error(e)
- app.make_errored!(_('Failed to update.'))
- end
- end
- end
-end
diff --git a/app/services/clusters/applications/prometheus_update_service.rb b/app/services/clusters/applications/prometheus_update_service.rb
deleted file mode 100644
index b8b50f06d72..00000000000
--- a/app/services/clusters/applications/prometheus_update_service.rb
+++ /dev/null
@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- # Deprecated, to be removed in %14.0 as part of https://gitlab.com/groups/gitlab-org/-/epics/4280
- class PrometheusUpdateService < BaseHelmService
- attr_accessor :project
-
- def initialize(app, project)
- super(app)
- @project = project
- end
-
- def execute
- raise NotImplementedError, 'Externally installed prometheus should not be modified!' unless app.managed_prometheus?
-
- app.make_updating!
-
- helm_api.update(patch_command(values))
-
- ::ClusterWaitForAppUpdateWorker.perform_in(::ClusterWaitForAppUpdateWorker::INTERVAL, app.name, app.id)
- rescue ::Kubeclient::HttpError => ke
- app.make_update_errored!("Kubernetes error: #{ke.message}")
- rescue StandardError => e
- app.make_update_errored!(e.message)
- end
-
- private
-
- def values
- PrometheusConfigService
- .new(project, cluster, app)
- .execute
- .to_yaml
- end
- end
- end
-end
diff --git a/app/services/clusters/applications/update_service.rb b/app/services/clusters/applications/update_service.rb
deleted file mode 100644
index 7a36401f156..00000000000
--- a/app/services/clusters/applications/update_service.rb
+++ /dev/null
@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-module Clusters
- module Applications
- class UpdateService < Clusters::Applications::BaseService
- private
-
- def worker_class(application)
- ClusterPatchAppWorker
- end
-
- def builder
- cluster.public_send(application_class.association_name) # rubocop:disable GitlabSecurity/PublicSend
- end
- end
- end
-end
diff --git a/app/services/clusters/kubernetes/configure_istio_ingress_service.rb b/app/services/clusters/kubernetes/configure_istio_ingress_service.rb
deleted file mode 100644
index 3b7e094bc97..00000000000
--- a/app/services/clusters/kubernetes/configure_istio_ingress_service.rb
+++ /dev/null
@@ -1,112 +0,0 @@
-# frozen_string_literal: true
-
-require 'openssl'
-
-module Clusters
- module Kubernetes
- class ConfigureIstioIngressService
- PASSTHROUGH_RESOURCE = Kubeclient::Resource.new(
- mode: 'PASSTHROUGH'
- ).freeze
-
- MTLS_RESOURCE = Kubeclient::Resource.new(
- mode: 'MUTUAL',
- privateKey: '/etc/istio/ingressgateway-certs/tls.key',
- serverCertificate: '/etc/istio/ingressgateway-certs/tls.crt',
- caCertificates: '/etc/istio/ingressgateway-ca-certs/cert.pem'
- ).freeze
-
- def initialize(cluster:)
- @cluster = cluster
- @platform = cluster.platform
- @kubeclient = platform.kubeclient
- @knative = cluster.application_knative
- end
-
- def execute
- return configure_certificates if serverless_domain_cluster
-
- configure_passthrough
- rescue Kubeclient::HttpError => e
- knative.make_errored!(_('Kubernetes error: %{error_code}') % { error_code: e.error_code })
- rescue StandardError
- knative.make_errored!(_('Failed to update.'))
- end
-
- private
-
- attr_reader :cluster, :platform, :kubeclient, :knative
-
- def serverless_domain_cluster
- knative&.serverless_domain_cluster
- end
-
- def configure_certificates
- create_or_update_istio_cert_and_key
- set_gateway_wildcard_https(MTLS_RESOURCE)
- end
-
- def create_or_update_istio_cert_and_key
- name = OpenSSL::X509::Name.parse("CN=#{knative.hostname}")
-
- key = OpenSSL::PKey::RSA.new(2048)
-
- cert = OpenSSL::X509::Certificate.new
- cert.version = 2
- cert.serial = 0
- cert.not_before = Time.current
- cert.not_after = Time.current + 1000.years
-
- cert.public_key = key.public_key
- cert.subject = name
- cert.issuer = name
- cert.sign(key, OpenSSL::Digest.new('SHA256'))
-
- serverless_domain_cluster.update!(
- key: key.to_pem,
- certificate: cert.to_pem
- )
-
- kubeclient.create_or_update_secret(istio_ca_certs_resource)
- kubeclient.create_or_update_secret(istio_certs_resource)
- end
-
- def istio_ca_certs_resource
- Gitlab::Kubernetes::GenericSecret.new(
- 'istio-ingressgateway-ca-certs',
- {
- 'cert.pem': Base64.strict_encode64(serverless_domain_cluster.certificate)
- },
- Clusters::Kubernetes::ISTIO_SYSTEM_NAMESPACE
- ).generate
- end
-
- def istio_certs_resource
- Gitlab::Kubernetes::TlsSecret.new(
- 'istio-ingressgateway-certs',
- serverless_domain_cluster.certificate,
- serverless_domain_cluster.key,
- Clusters::Kubernetes::ISTIO_SYSTEM_NAMESPACE
- ).generate
- end
-
- def set_gateway_wildcard_https(tls_resource)
- gateway_resource = gateway
- gateway_resource.spec.servers.each do |server|
- next unless server.hosts == ['*'] && server.port.name == 'https'
-
- server.tls = tls_resource
- end
- kubeclient.update_gateway(gateway_resource)
- end
-
- def configure_passthrough
- set_gateway_wildcard_https(PASSTHROUGH_RESOURCE)
- end
-
- def gateway
- kubeclient.get_gateway('knative-ingress-gateway', Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE)
- end
- end
- end
-end
-- cgit v1.2.3