Merge branch 'tillerless-gitlab-managed-apps' into 'master'

Implement Tillerless install and uninstall See merge request gitlab-org/gitlab!20894

Merge branch 'tillerless-gitlab-managed-apps' into 'master'
Implement Tillerless install and uninstall See merge request gitlab-org/gitlab!20894
a236468a · Stan Hu · 97f2dcbd · 521e270d · a236468a · a236468a
Commit a236468a authored Dec 12, 2019 by Stan Hu
5 changed files
--- a/lib/gitlab/kubernetes/helm/client_command.rb
+++ b/lib/gitlab/kubernetes/helm/client_command.rb
@@ -5,14 +5,24 @@ module Gitlab
    module Helm
      module ClientCommand
        def init_command
-          # Here we are always upgrading to the latest version of Tiller when
-          # installing an app. We ensure the helm version stored in the
-          # database is correct by also updating this after transition to
-          # :installed,:updated in Clusters::Concerns::ApplicationStatus
-          'helm init --upgrade'
+          if local_tiller_enabled?
+            <<~HEREDOC.chomp
+            export HELM_HOST="localhost:44134"
+            tiller -listen ${HELM_HOST} -alsologtostderr &
+            helm init --client-only
+            HEREDOC
+          else
+            # Here we are always upgrading to the latest version of Tiller when
+            # installing an app. We ensure the helm version stored in the
+            # database is correct by also updating this after transition to
+            # :installed,:updated in Clusters::Concerns::ApplicationStatus
+            'helm init --upgrade'
+          end
        end

        def wait_for_tiller_command
+          return if local_tiller_enabled?
+
          helm_check = ['helm', 'version', *optional_tls_flags].shelljoin
          # This is necessary to give Tiller time to restart after upgrade.
          # Ideally we'd be able to use --wait but cannot because of
@@ -25,6 +35,14 @@ module Gitlab
          ['helm', 'repo', 'add', name, repository].shelljoin if repository
        end

+        private
+
+        def tls_flags_if_remote_tiller
+          return [] if local_tiller_enabled?
+
+          optional_tls_flags
+        end
+
        def optional_tls_flags
          return [] unless files.key?(:'ca.pem')

@@ -35,6 +53,10 @@ module Gitlab
            '--tls-key', "#{files_dir}/key.pem"
          ]
        end
+
+        def local_tiller_enabled?
+          Feature.enabled?(:managed_apps_local_tiller)
+        end
      end
    end
  end

--- a/lib/gitlab/kubernetes/helm/delete_command.rb
+++ b/lib/gitlab/kubernetes/helm/delete_command.rb
@@ -39,7 +39,7 @@ module Gitlab
        private

        def delete_command
-          command = ['helm', 'delete', '--purge', name] + optional_tls_flags
+          command = ['helm', 'delete', '--purge', name] + tls_flags_if_remote_tiller

          command.shelljoin
        end

--- a/lib/gitlab/kubernetes/helm/install_command.rb
+++ b/lib/gitlab/kubernetes/helm/install_command.rb
@@ -49,7 +49,7 @@ module Gitlab
          command = ['helm', 'upgrade', name, chart] +
            install_flag +
            reset_values_flag +
-            optional_tls_flags +
+            tls_flags_if_remote_tiller +
            optional_version_flag +
            rbac_create_flag +
            namespace_flag +

--- a/spec/lib/gitlab/kubernetes/helm/delete_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/delete_command_spec.rb
@@ -13,40 +13,57 @@ describe Gitlab::Kubernetes::Helm::DeleteCommand do
  it_behaves_like 'helm commands' do
    let(:commands) do
      <<~EOS
-      helm init --upgrade
-      for i in $(seq 1 30); do helm version && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+      export HELM_HOST="localhost:44134"
+      tiller -listen ${HELM_HOST} -alsologtostderr &
+      helm init --client-only
      helm delete --purge app-name
      EOS
    end
  end

-  let(:tls_flags) do
-    <<~EOS.squish
-    --tls
-    --tls-ca-cert /data/helm/app-name/config/ca.pem
-    --tls-cert /data/helm/app-name/config/cert.pem
-    --tls-key /data/helm/app-name/config/key.pem
-    EOS
-  end
-
-  context 'when there is a ca.pem file' do
-    let(:files) { { 'ca.pem': 'some file content' } }
+  context 'tillerless feature disabled' do
+    before do
+      stub_feature_flags(managed_apps_local_tiller: false)
+    end

    it_behaves_like 'helm commands' do
      let(:commands) do
        <<~EOS
        helm init --upgrade
-        for i in $(seq 1 30); do helm version #{tls_flags} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
-        #{helm_delete_command}
+        for i in $(seq 1 30); do helm version && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+        helm delete --purge app-name
        EOS
      end
+    end

-      let(:helm_delete_command) do
+    context 'when there is a ca.pem file' do
+      let(:files) { { 'ca.pem': 'some file content' } }
+
+      let(:tls_flags) do
        <<~EOS.squish
-        helm delete --purge app-name
-        #{tls_flags}
+        --tls
+        --tls-ca-cert /data/helm/app-name/config/ca.pem
+        --tls-cert /data/helm/app-name/config/cert.pem
+        --tls-key /data/helm/app-name/config/key.pem
        EOS
      end
+
+      it_behaves_like 'helm commands' do
+        let(:commands) do
+          <<~EOS
+          helm init --upgrade
+          for i in $(seq 1 30); do helm version #{tls_flags} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+          #{helm_delete_command}
+          EOS
+        end
+
+        let(:helm_delete_command) do
+          <<~EOS.squish
+          helm delete --purge app-name
+          #{tls_flags}
+          EOS
+        end
+      end
    end
  end


--- a/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
+++ b/spec/lib/gitlab/kubernetes/helm/install_command_spec.rb
@@ -23,22 +23,14 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
    )
  end

-  let(:tls_flags) do
-    <<~EOS.squish
-    --tls
-    --tls-ca-cert /data/helm/app-name/config/ca.pem
-    --tls-cert /data/helm/app-name/config/cert.pem
-    --tls-key /data/helm/app-name/config/key.pem
-    EOS
-  end
-
  subject { install_command }

  it_behaves_like 'helm commands' do
    let(:commands) do
      <<~EOS
-      helm init --upgrade
-      for i in $(seq 1 30); do helm version #{tls_flags} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+      export HELM_HOST="localhost:44134"
+      tiller -listen ${HELM_HOST} -alsologtostderr &
+      helm init --client-only
      helm repo add app-name https://repository.example.com
      helm repo update
      #{helm_install_comand}
@@ -50,7 +42,6 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
      helm upgrade app-name chart-name
        --install
        --reset-values
-        #{tls_flags}
        --version 1.2.3
        --set rbac.create\\=false,rbac.enabled\\=false
        --namespace gitlab-managed-apps
@@ -59,8 +50,19 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
    end
  end

-  context 'when rbac is true' do
-    let(:rbac) { true }
+  context 'tillerless feature disabled' do
+    before do
+      stub_feature_flags(managed_apps_local_tiller: false)
+    end
+
+    let(:tls_flags) do
+      <<~EOS.squish
+      --tls
+      --tls-ca-cert /data/helm/app-name/config/ca.pem
+      --tls-cert /data/helm/app-name/config/cert.pem
+      --tls-key /data/helm/app-name/config/key.pem
+      EOS
+    end

    it_behaves_like 'helm commands' do
      let(:commands) do
@@ -69,6 +71,36 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
        for i in $(seq 1 30); do helm version #{tls_flags} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
        helm repo add app-name https://repository.example.com
        helm repo update
+        #{helm_install_comand}
+        EOS
+      end
+
+      let(:helm_install_comand) do
+        <<~EOS.squish
+        helm upgrade app-name chart-name
+        --install
+        --reset-values
+        #{tls_flags}
+        --version 1.2.3
+        --set rbac.create\\=false,rbac.enabled\\=false
+        --namespace gitlab-managed-apps
+        -f /data/helm/app-name/config/values.yaml
+        EOS
+      end
+    end
+  end
+
+  context 'when rbac is true' do
+    let(:rbac) { true }
+
+    it_behaves_like 'helm commands' do
+      let(:commands) do
+        <<~EOS
+        export HELM_HOST="localhost:44134"
+        tiller -listen ${HELM_HOST} -alsologtostderr &
+        helm init --client-only
+        helm repo add app-name https://repository.example.com
+        helm repo update
        #{helm_install_command}
        EOS
      end
@@ -78,7 +110,6 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
        helm upgrade app-name chart-name
          --install
          --reset-values
-          #{tls_flags}
          --version 1.2.3
          --set rbac.create\\=true,rbac.enabled\\=true
          --namespace gitlab-managed-apps
@@ -94,8 +125,9 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
    it_behaves_like 'helm commands' do
      let(:commands) do
        <<~EOS
-        helm init --upgrade
-        for i in $(seq 1 30); do helm version #{tls_flags} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+        export HELM_HOST="localhost:44134"
+        tiller -listen ${HELM_HOST} -alsologtostderr &
+        helm init --client-only
        helm repo add app-name https://repository.example.com
        helm repo update
        /bin/date
@@ -109,7 +141,6 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
        helm upgrade app-name chart-name
          --install
          --reset-values
-          #{tls_flags}
          --version 1.2.3
          --set rbac.create\\=false,rbac.enabled\\=false
          --namespace gitlab-managed-apps
@@ -125,8 +156,9 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
    it_behaves_like 'helm commands' do
      let(:commands) do
        <<~EOS
-        helm init --upgrade
-        for i in $(seq 1 30); do helm version #{tls_flags} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+        export HELM_HOST="localhost:44134"
+        tiller -listen ${HELM_HOST} -alsologtostderr &
+        helm init --client-only
        helm repo add app-name https://repository.example.com
        helm repo update
        #{helm_install_command}
@@ -140,7 +172,6 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
        helm upgrade app-name chart-name
          --install
          --reset-values
-          #{tls_flags}
          --version 1.2.3
          --set rbac.create\\=false,rbac.enabled\\=false
          --namespace gitlab-managed-apps
@@ -156,8 +187,9 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
    it_behaves_like 'helm commands' do
      let(:commands) do
        <<~EOS
-        helm init --upgrade
-        for i in $(seq 1 30); do helm version && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+        export HELM_HOST="localhost:44134"
+        tiller -listen ${HELM_HOST} -alsologtostderr &
+        helm init --client-only
        helm repo add app-name https://repository.example.com
        helm repo update
        #{helm_install_command}
@@ -184,8 +216,9 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
    it_behaves_like 'helm commands' do
      let(:commands) do
        <<~EOS
-        helm init --upgrade
-        for i in $(seq 1 30); do helm version #{tls_flags} && s=0 && break || s=$?; sleep 1s; echo \"Retrying ($i)...\"; done; (exit $s)
+        export HELM_HOST="localhost:44134"
+        tiller -listen ${HELM_HOST} -alsologtostderr &
+        helm init --client-only
        helm repo add app-name https://repository.example.com
        helm repo update
        #{helm_install_command}
@@ -197,7 +230,6 @@ describe Gitlab::Kubernetes::Helm::InstallCommand do
        helm upgrade app-name chart-name
          --install
          --reset-values
-          #{tls_flags}
          --set rbac.create\\=false,rbac.enabled\\=false
          --namespace gitlab-managed-apps
          -f /data/helm/app-name/config/values.yaml