Automatic merge of gitlab-org/gitlab-ce master

app/assets/javascripts/clusters/components/uninstall_application_confirmation_modal.vue

@@ -12,7 +12,7 @@ const CUSTOM_APP_WARNING_TEXT = {
     'ClusterIntegration|The associated load balancer and IP will be deleted and cannot be restored.',
   ),
   [CERT_MANAGER]: s__(
-    'ClusterIntegration|The associated certifcate will be deleted and cannot be restored.',
+    'ClusterIntegration|The associated private key will be deleted and cannot be restored.',
   ),
   [PROMETHEUS]: s__('ClusterIntegration|All data will be deleted and cannot be restored.'),
   [RUNNER]: s__('ClusterIntegration|Any running pipelines will be canceled.'),

app/assets/javascripts/jobs/components/job_app.vue

@@ -73,6 +73,10 @@ export default {
       type: String,
       required: true,
     },
+    projectPath: {
+      type: String,
+      required: true,
+    },
     logState: {
       type: String,
       required: true,
@@ -258,6 +262,7 @@ export default {
           :quota-used="job.runners.quota.used"
           :quota-limit="job.runners.quota.limit"
           :runners-path="runnerHelpUrl"
+          :project-path="projectPath"
         />
 
         <environments-block

app/assets/javascripts/jobs/index.js

@@ -20,6 +20,7 @@ export default () => {
           pagePath: element.dataset.buildOptionsPagePath,
           logState: element.dataset.buildOptionsLogState,
           buildStatus: element.dataset.buildOptionsBuildStatus,
+          projectPath: element.dataset.projectPath,
         },
       });
     },

app/models/clusters/applications/cert_manager.rb

@@ -24,12 +24,6 @@ module Clusters
         'stable/cert-manager'
       end
 
-      # We will implement this in future MRs.
-      # Need to reverse postinstall step
-      def allowed_to_uninstall?
-        false
-      end
-
       def install_command
         Gitlab::Kubernetes::Helm::InstallCommand.new(
           name: 'certmanager',
@@ -41,12 +35,42 @@ module Clusters
         )
       end
 
+      def uninstall_command
+        Gitlab::Kubernetes::Helm::DeleteCommand.new(
+          name: 'certmanager',
+          rbac: cluster.platform_kubernetes_rbac?,
+          files: files,
+          postdelete: post_delete_script
+        )
+      end
+
       private
 
       def post_install_script
         ["kubectl create -f /data/helm/certmanager/config/cluster_issuer.yaml"]
       end
 
+      def post_delete_script
+        [
+          delete_private_key,
+          delete_crd('certificates.certmanager.k8s.io'),
+          delete_crd('clusterissuers.certmanager.k8s.io'),
+          delete_crd('issuers.certmanager.k8s.io')
+        ].compact
+      end
+
+      def private_key_name
+        @private_key_name ||= cluster_issuer_content.dig('spec', 'acme', 'privateKeySecretRef', 'name')
+      end
+
+      def delete_private_key
+        "kubectl delete secret -n #{Gitlab::Kubernetes::Helm::NAMESPACE} #{private_key_name} --ignore-not-found" if private_key_name.present?
+      end
+
+      def delete_crd(definition)
+        "kubectl delete crd #{definition} --ignore-not-found"
+      end
+
       def cluster_issuer_file
         {
           'cluster_issuer.yaml': cluster_issuer_yaml_content

app/views/projects/_flash_messages.html.haml

@@ -5,7 +5,7 @@
   - if current_user && can?(current_user, :download_code, project)
     = render 'shared/no_ssh'
     = render 'shared/no_password'
-    = render_if_exists 'shared/shared_runners_minutes_limit', project: project
     - unless project.empty_repo?
       = render 'shared/auto_devops_implicitly_enabled_banner', project: project
     = render_if_exists 'projects/above_size_limit_warning', project: project
+    = render_if_exists 'shared/shared_runners_minutes_limit', project: project, classes: [container_class, ("limit-container-width" unless fluid_layout)]

app/views/projects/jobs/show.html.haml

@@ -7,7 +7,7 @@
   = stylesheet_link_tag 'page_bundles/xterm'
 
 %div{ class: container_class }
-  #js-job-vue-app{ data: { endpoint: project_job_path(@project, @build, format: :json),
+  #js-job-vue-app{ data: { endpoint: project_job_path(@project, @build, format: :json), project_path: @project.full_path,
     deployment_help_url: help_page_path('user/project/clusters/index.html', anchor: 'troubleshooting-failed-deployment-jobs'),
     runner_help_url: help_page_path('ci/runners/README.html', anchor: 'setting-maximum-job-timeout-for-a-runner'),
     runner_settings_url: project_runners_path(@build.project, anchor: 'js-runners-settings'),

changelogs/unreleased/60664-kubernetes-applications-uninstall-cert-manager.yml

+---
+title: Allow Cert-Manager to be uninstalled
+merge_request: 31166
+author:
+type: added

changelogs/unreleased/update-pipelines-minutes-expiry-banner-to-an-alert-component-type.yml

+---
+title: Enhance style of the shared runners limit
+merge_request: 31386
+author:
+type: other

doc/user/clusters/applications.md

@@ -252,6 +252,7 @@ The applications below can be uninstalled.
 
 | Application | GitLab version | Notes |
 | ----------- | -------------- | ----- |
+| Cert-Manager | 12.2+         | The associated private key will be deleted and cannot be restored. Deployed applications will continue to use HTTPS, but certificates will not be renewed. Before uninstalling, you may wish to [back up your configuration](https://docs.cert-manager.io/en/latest/tasks/backup-restore-crds.html) or [revoke your certificates](https://letsencrypt.org/docs/revoking/) |
 | GitLab Runner  | 12.2+         | Any running pipelines will be canceled. |
 | Helm  | 12.2+         | The associated Tiller pod will be deleted and cannot be restored. |
 | Ingress  | 12.1+         | The associated load balancer and IP will be deleted and cannot be restored. Furthermore, it can only be uninstalled if JupyterHub is not installed. |

locale/gitlab.pot

@@ -3533,10 +3533,10 @@ msgstr ""
 msgid "ClusterIntegration|The associated Tiller pod will be deleted and cannot be restored."
 msgstr ""
 
-msgid "ClusterIntegration|The associated certifcate will be deleted and cannot be restored."
+msgid "ClusterIntegration|The associated load balancer and IP will be deleted and cannot be restored."
 msgstr ""
 
-msgid "ClusterIntegration|The associated load balancer and IP will be deleted and cannot be restored."
+msgid "ClusterIntegration|The associated private key will be deleted and cannot be restored."
 msgstr ""
 
 msgid "ClusterIntegration|The endpoint is in the process of being assigned. Please check your Kubernetes cluster or Quotas on Google Kubernetes Engine if it takes a long time."

spec/features/projects/clusters/applications_spec.rb

@@ -183,7 +183,7 @@ describe 'Clusters Applications', :js do
             Clusters::Cluster.last.application_cert_manager.make_installed!
 
             expect(email_form_value).to eq('new_email@example.org')
-            expect(page).to have_css('.js-cluster-application-install-button', exact_text: 'Installed')
+            expect(page).to have_css('.js-cluster-application-uninstall-button', exact_text: 'Uninstall')
           end
 
           expect(page).to have_content('Cert-Manager was successfully installed on your Kubernetes cluster')

spec/javascripts/jobs/components/job_app_spec.js

@@ -24,6 +24,7 @@ describe('Job App ', () => {
     variablesSettingsUrl: 'settings/ci-cd/variables',
     terminalPath: 'jobs/123/terminal',
     pagePath: `${gl.TEST_HOST}jobs/123`,
+    projectPath: 'user-name/project-name',
     logState:
       'eyJvZmZzZXQiOjE3NDUxLCJuX29wZW5fdGFncyI6MCwiZmdfY29sb3IiOm51bGwsImJnX2NvbG9yIjpudWxsLCJzdHlsZV9tYXNrIjowfQ%3D%3D',
   };

spec/models/clusters/applications/cert_manager_spec.rb

@@ -13,7 +13,7 @@ describe Clusters::Applications::CertManager do
   describe '#can_uninstall?' do
     subject { cert_manager.can_uninstall? }
 
-    it { is_expected.to be_falsey }
+    it { is_expected.to be_truthy }
   end
 
   describe '#install_command' do
@@ -80,6 +80,44 @@ describe Clusters::Applications::CertManager do
     end
   end
 
+  describe '#uninstall_command' do
+    subject { cert_manager.uninstall_command }
+
+    it { is_expected.to be_an_instance_of(Gitlab::Kubernetes::Helm::DeleteCommand) }
+
+    it 'is initialized with cert_manager arguments' do
+      expect(subject.name).to eq('certmanager')
+      expect(subject).to be_rbac
+      expect(subject.files).to eq(cert_manager.files)
+    end
+
+    it 'specifies a post delete command to remove custom resource definitions' do
+      expect(subject.postdelete).to eq([
+        "kubectl delete secret -n gitlab-managed-apps letsencrypt-prod --ignore-not-found",
+        'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found',
+        'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found',
+        'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found'
+      ])
+    end
+
+    context 'secret key name is not found' do
+      before do
+        allow(File).to receive(:read).and_call_original
+        expect(File).to receive(:read)
+          .with(Rails.root.join('vendor', 'cert_manager', 'cluster_issuer.yaml'))
+          .and_return('key: value')
+      end
+
+      it 'does not try and delete the secret' do
+        expect(subject.postdelete).to eq([
+          'kubectl delete crd certificates.certmanager.k8s.io --ignore-not-found',
+          'kubectl delete crd clusterissuers.certmanager.k8s.io --ignore-not-found',
+          'kubectl delete crd issuers.certmanager.k8s.io --ignore-not-found'
+        ])
+      end
+    end
+  end
+
   describe '#files' do
     let(:application) { cert_manager }
     let(:values) { subject[:'values.yaml'] }