Merge branch 'alberts-sync-review-apps-tls' into 'master'

Sync review app TLS to namespaces See merge request gitlab-org/gitlab!63721

Merge branch 'alberts-sync-review-apps-tls' into 'master'
Sync review app TLS to namespaces See merge request gitlab-org/gitlab!63721
8baad3c7 · Rémy Coutable · 6e24c5d2 · 14c8036e · 8baad3c7 · 8baad3c7
Commit 8baad3c7 authored Jun 11, 2021 by Rémy Coutable
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 5 deletions

scripts/review_apps/base-config.yaml scripts/review_apps/base-config.yaml +2 -2

scripts/review_apps/review-apps.sh scripts/review_apps/review-apps.sh +10 -3

No files found.
--- a/scripts/review_apps/base-config.yaml
+++ b/scripts/review_apps/base-config.yaml
@@ -5,9 +5,9 @@ global:
  ingress:
    annotations:
      external-dns.alpha.kubernetes.io/ttl: 10
-      cert-manager.io/cluster-issuer: review-apps-route53-dns01-wildcard-cluster-issuer
-      kubernetes.io/tls-acme: true
    configureCertmanager: false
+    tls:
+      secretName: review-apps-tls
  initialRootPassword:
    secret: shared-gitlab-initial-root-password
 certmanager:

--- a/scripts/review_apps/review-apps.sh
+++ b/scripts/review_apps/review-apps.sh
@@ -161,6 +161,15 @@ function ensure_namespace() {
  kubectl describe namespace "${namespace}" || kubectl create namespace "${namespace}"
 }

+function label_namespace() {
+  local namespace="${1}"
+  local label="${2}"
+
+  echoinfo "Labeling the ${namespace} namespace with ${label}" true
+
+  kubectl label namespace "${namespace}" "${label}"
+}
+
 function install_external_dns() {
  local namespace="${KUBE_NAMESPACE}"
  local release="dns-gitlab-review-app-helm3"
@@ -302,6 +311,7 @@ function deploy() {
  gitlab_workhorse_image_repository="${IMAGE_REPOSITORY}/gitlab-workhorse-ee"

  ensure_namespace "${namespace}"
+  label_namespace "${namespace}" "tls=review-apps-tls" # label namespace for kubed to sync tls

  create_application_secret

@@ -319,9 +329,6 @@ HELM_CMD=$(cat << EOF
    --set releaseOverride="${release}" \
    --set global.hosts.hostSuffix="${HOST_SUFFIX}" \
    --set global.hosts.domain="${REVIEW_APPS_DOMAIN}" \
-    --set gitlab.webservice.ingress.tls.secretName="${release}-gitlab-tls" \
-    --set registry.ingress.tls.secretName="${release}-registry-tls" \
-    --set minio.ingress.tls.secretName="${release}-minio-tls" \
    --set gitlab.migrations.image.repository="${gitlab_migrations_image_repository}" \
    --set gitlab.migrations.image.tag="${CI_COMMIT_REF_SLUG}" \
    --set gitlab.gitaly.image.repository="${gitlab_gitaly_image_repository}" \